https://connect.hyland.com/t5/alfresco-archive/rest-api-authentication-state/m-p/83968#M56471 <HTML><HEAD></HEAD><BODY><SPAN>Hi,</SPAN><BR /><BR /><SPAN>Im trying to understand where the REAST API authentication state is held. For example I can call the login action and I get a valid response, however I don't see a header or token which indicates I have authenticated for subsequent calls. Hence is it the case that the connection is treated as an authenticated connection and thus subsequent calls must be made over the same connection? The implication that authentication state is thus maintained server side?</SPAN><BR /><BR /><SPAN>R</SPAN></BODY></HTML> Sat, 28 Apr 2012 00:03:56 GMT webcyberrob 2012-04-28T00:03:56Z https://connect.hyland.com/t5/alfresco-archive/rest-api-authentication-state/m-p/83968#M56471 Hi,Im trying to understand where the REAST API authentication state is held. For example I can call the login action and I get a valid response, however I don't see a header or token which indicates I have authenticated for subsequent calls. Hence is it the case that the connection is treated as an Sat, 28 Apr 2012 00:03:56 GMT https://connect.hyland.com/t5/alfresco-archive/rest-api-authentication-state/m-p/83968#M56471 webcyberrob 2012-04-28T00:03:56Z https://connect.hyland.com/t5/alfresco-archive/rest-api-authentication-state/m-p/83969#M56472 <HTML><HEAD></HEAD><BODY><SPAN>Ok - I think Ive worked it out now…the REST implementation is essentially stateless, the authentication attributes (username &amp; password) are sent in the header with each request.</SPAN><BR /><BR /><SPAN>I interpreted the login API as creating an authenticated session rather than just an API to authenticate the username, password pair.</SPAN><BR /><BR /><SPAN>R</SPAN></BODY></HTML> Wed, 09 May 2012 05:53:41 GMT https://connect.hyland.com/t5/alfresco-archive/rest-api-authentication-state/m-p/83969#M56472 webcyberrob 2012-05-09T05:53:41Z